Since 2004, a source for ranting, reviews and InfoSec news

Menu

January Patches

After a fairly light December patching load, January took no prisoners.
Microsoft’s patch Tuesday had just one patch, MS10-001. But they made up for that with an out of band update later in the month MS10-002. They also put out a bulletin warning about old flash installs.
Adobe and Oracle piggybacked on patch Tuesday to release updates as well. Vendors pretend its more convenient for people to get all their patches at once, but Its more about losing their own vulnerability announcements in the crowd. Adobe Reader is installed on most machines, so deploying Reader and Acrobat updates is kind of a big deal.
To keep admins on their toes, Adobe also released security updates for Shockwave and Illustrator.
Real Player kept its name in the news with a security update of its own. While it lacks its once ubiquitous presence, it is another thing to watch for.
Firefox released 3.6. Fortunately , this was about new features not security fixes.
Apple not wanting to feel left out released a mega security update rolling up multiple patches.
Wireshark 1.2.6 came out with a couple of security updates.
If you’re responsible for patching in the enterprise looks like you picked the wrong month to stop sniffing glue.
For home use, I use the Secunia Personal Software Inspector in advanced mode. They are now a bit better about prompting you to exclude directories like i386 to avoid nagging you about things that aren’t a problem.